删除服务端材质渲染功能及system_config表，转为环境变量配置，初步配置管理员功能

2025-12-08 19:12:30 +08:00
parent 399e6f096f
commit 9b0a60033e
37 changed files with 1135 additions and 3913 deletions
--- a/pkg/auth/casbin.go
+++ b/pkg/auth/casbin.go
@@ -0,0 +1,124 @@
+package auth
+
+import (
+	"fmt"
+	"sync"
+
+	"github.com/casbin/casbin/v2"
+	gormadapter "github.com/casbin/gorm-adapter/v3"
+	"go.uber.org/zap"
+	"gorm.io/gorm"
+)
+
+// CasbinService Casbin权限服务
+type CasbinService struct {
+	enforcer *casbin.Enforcer
+	logger   *zap.Logger
+	mu       sync.RWMutex
+}
+
+// NewCasbinService 创建Casbin服务
+func NewCasbinService(db *gorm.DB, modelPath string, logger *zap.Logger) (*CasbinService, error) {
+	// 使用Gorm适配器，自动使用casbin_rule表
+	adapter, err := gormadapter.NewAdapterByDBUseTableName(db, "", "casbin_rule")
+	if err != nil {
+		return nil, fmt.Errorf("创建Casbin适配器失败: %w", err)
+	}
+
+	// 创建Enforcer
+	enforcer, err := casbin.NewEnforcer(modelPath, adapter)
+	if err != nil {
+		return nil, fmt.Errorf("创建Casbin执行器失败: %w", err)
+	}
+
+	// 加载策略
+	if err := enforcer.LoadPolicy(); err != nil {
+		return nil, fmt.Errorf("加载Casbin策略失败: %w", err)
+	}
+
+	logger.Info("Casbin权限服务初始化成功")
+
+	return &CasbinService{
+		enforcer: enforcer,
+		logger:   logger,
+	}, nil
+}
+
+// Enforce 检查权限
+// sub: 主体(用户角色), obj: 资源, act: 操作
+func (s *CasbinService) Enforce(sub, obj, act string) (bool, error) {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	return s.enforcer.Enforce(sub, obj, act)
+}
+
+// CheckPermission 检查用户权限（便捷方法）
+func (s *CasbinService) CheckPermission(role, resource, action string) bool {
+	allowed, err := s.Enforce(role, resource, action)
+	if err != nil {
+		s.logger.Error("权限检查失败",
+			zap.String("role", role),
+			zap.String("resource", resource),
+			zap.String("action", action),
+			zap.Error(err),
+		)
+		return false
+	}
+	return allowed
+}
+
+// AddPolicy 添加策略
+func (s *CasbinService) AddPolicy(sub, obj, act string) (bool, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	return s.enforcer.AddPolicy(sub, obj, act)
+}
+
+// RemovePolicy 移除策略
+func (s *CasbinService) RemovePolicy(sub, obj, act string) (bool, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	return s.enforcer.RemovePolicy(sub, obj, act)
+}
+
+// AddRoleForUser 为用户添加角色
+func (s *CasbinService) AddRoleForUser(user, role string) (bool, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	return s.enforcer.AddRoleForUser(user, role)
+}
+
+// GetRolesForUser 获取用户的角色
+func (s *CasbinService) GetRolesForUser(user string) []string {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	roles, _ := s.enforcer.GetRolesForUser(user)
+	return roles
+}
+
+// GetPermissionsForRole 获取角色的所有权限
+func (s *CasbinService) GetPermissionsForRole(role string) [][]string {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+
+	perms, _ := s.enforcer.GetPermissionsForUser(role)
+	return perms
+}
+
+// ReloadPolicy 重新加载策略
+func (s *CasbinService) ReloadPolicy() error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	return s.enforcer.LoadPolicy()
+}
+
+// GetEnforcer 获取原始Enforcer（用于高级操作）
+func (s *CasbinService) GetEnforcer() *casbin.Enforcer {
+	return s.enforcer
+}